f84c6bbb4a1a86e9e6a3790008eb615e2ffae58d41ffa8965e148fd17d63127a

Analysis

max time kernel
90s
max time network
34s
platform
windows7_x64
resource
win7-20230220-es
resource tags

arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
submitted
23/05/2023, 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
Size

794KB
MD5

fee21ac3481dd6a48d5f3dce727fe2e4
SHA1

cbc0ae78c30bc9998c3cb6d65e86c24e17c8bbf3
SHA256

f84c6bbb4a1a86e9e6a3790008eb615e2ffae58d41ffa8965e148fd17d63127a
SHA512

6746a16c8d2d77720f2f6820e4840be7b2d58e2366aebbc60e2580466a5a7a2174a9193b72f1012fd123fe562b72606c05f901a877b6281bd1a484de21ffb3d8
SSDEEP

12288:65jLjqux1ANozInNcOOjCHieL1GbgZTmNRp03Vng/6Bl5JX5VV9:61n1A+NnWH7xGbiSn0ZFlfX5D9

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1388	osk.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1716	Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe
1388	osk.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 1388	656	utilman.exe	30
PID 656 wrote to memory of 1388	656	utilman.exe	30
PID 656 wrote to memory of 1388	656	utilman.exe	30

C:\Users\Admin\AppData\Local\Temp\Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe
"C:\Users\Admin\AppData\Local\Temp\Alien Isolation V13.01.2019 Trainer +5 MrAntiFun.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
PID:512

C:\Windows\system32\utilman.exe
utilman.exe /debug
1⤵
- Suspicious use of WriteProcessMemory
PID:656
- C:\Windows\System32\osk.exe
  "C:\Windows\System32\osk.exe"
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1388

C:\Windows\system32\utilman.exe
utilman.exe /debug
1⤵
PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hotkeys.txt

Filesize
78B

MD5
d00331bbeb0389b21697c7d5dd44fb5e

SHA1
cf53a6bf8245be34c42ddbc1bcd7bd8b13740a43

SHA256
afdcb15300fe1391602348c3d2212695478bb108455e747016f1a6eda8fa1d0b

SHA512
f6f5816a863e4331bed69dc6457516a9e5724dc83fce2b51886cb98322b739b52c8d3075144ee43ab8506822c0d57e598231a3aefcef2acaafcb990de4238bab

Download Submit
memory/1716-54-0x0000000001210000-0x0000000002210000-memory.dmp

Filesize
16.0MB

Download
memory/1716-55-0x0000000023F50000-0x0000000023F90000-memory.dmp

Filesize
256KB

Download
memory/1716-58-0x0000000023F50000-0x0000000023F90000-memory.dmp

Filesize
256KB

Download
memory/1716-59-0x0000000023F50000-0x0000000023F90000-memory.dmp

Filesize
256KB

Download
memory/1716-60-0x0000000023F50000-0x0000000023F90000-memory.dmp

Filesize
256KB

Download